Two years after a mass surveillance system with thousands of facial recognition security cameras was introduced to the streets of Serbian capital Belgrade, concern continues to grow about the impact of the technology.The Huawei-based surveillance system sparked controversy when it was initially introduced in 2019. And now human and digital rights organizations in the country are pushing back and warning about the risks that facial recognition software can bring.

More on privacy

During the summer of 2020, the SHARE Foundation, a Belgrade-based digital rights organization that advocates for data privacy and digital security, launched a website called “Thousands of cameras”, as a space where Serbian citizens could share their concerns over the mass surveillance project. “The total loss of anonymity represents a certain loss of our freedom – the awareness that we are under constant surveillance drastically changes our decisions,” it warns.SEE: Network security policy (TechRepublic Premium)People responded to the initiative and started submitting photos and snaps of the cameras that have already been installed and pinpointing their exact locations.”Such infrastructure would enable mass surveillance of all citizens of Belgrade, having in mind that police already confirmed that they would use ID card databases for identification purposes. This is an enormous power that anyone who has access to this system would gain, and it seems that there are not enough sufficient safeguards to prevent the misuse of such power,” Danilo Krivokapic, director of the SHARE Foundation, told ZDNet.During last year, there were several pivotal moments that have highlighted concerns about the introduction of such systems.

In May 2020, there were mass rallies in Belgrade in support of the Serbian government, organized by the ruling party in Belgrade, as the country was getting ready to for parliamentary elections in June. Serbian President Aleksandar Vucic later gave a statement in which he stated the exact number of people that were present at the rally – 5,790 supporters of the ruling party. This prompted a debate in Serbian as to whether the surveillance system was actually being deployed to monitor and count the number of the people in rallies and protests.The second event came in July 2020, shortly after the elections. The government, which convincingly won the elections, wanted to add stricter measures against the COVID-19 epidemic in the country and to reintroduce lockdowns. Vucic faced protests where the police had to use force in order to disperse the protesters. After this happened, human rights organization Amnesty International warned about “credible reports” of police use of facial recognition cameras in Belgrade to identify protestors. “Amnesty International opposes use of facial recognition technology for mass surveillance, such as at protests and demonstrations. The new technology is still largely unregulated and tends to disproportionately target specific groups of people, it can have a chilling effect on the right to protest,” the organization noted in its report.According to Krivokapic, the initiative that the SHARE Foundation introduced is a part of opposition to the installation and the use of biometric surveillance not only in Serbia, but across Europe as well, as a part of the ReclaimYourFace movement.”It’s clear that deploying biometric mass surveillance on the streets of Belgrade would be unlawful and against the rights to privacy, since it can’t be considered as necessary and proportionate in a democratic society, which is a requirement proposed by both national and international legal framework in this field.” Krivokapic points out. While Serbian authorities have usually kept quiet about the scope of the project, an official document from the Serbian Ministry of Interior showed that the total number of cameras used for the surveillance system is up to 8,100. In addition to the 2,500 cameras on the traffic poles, the police also bought 3,500 mobile cameras, 600 cameras for the police vehicles and 1,500 body cameras, as a part of the police uniforms.Meanwhile, tech companies are rolling out various camera projects elsewhere across Eastern Europe as well – one of them being currently implemented in the Ukrainian capital of Kyiv. Ukrainian authorities are planning to install more than 3,000 cameras on the main roads and highways in Kyiv. SEE: Facial recognition: Don’t use it to snoop on how staff are feeling, says watchdogWhile an analytical facial recognition system has been in place in Kyiv since 2019, data privacy activists have warned about the overall lack of legal clarity when it comes to this type of technology.And much has been discussed about the shortcomings of facial recognition elsewhere across Europe, too. As ZDNet reported earlier, the Council of Europe recently published new guidelines that should be followed by governments and private companies that are considering the deployment of facial recognition technologies. Some of those guidelines include strict parameters and criteria that law enforcement agencies should adhere to when they find it justifiable to use facial recognition tools.”Facial recognition data is, obviously, tied to users’ immutable physical characteristics which some people find intrusive, and there is an additional burden of ensuring compliance with data protection legislation such as GDPR,” Michal Kratochvil, CEO of 2N Telekomunikace, a Czechia-based manufacturer of IP intercom and access-system technology, told ZDNet.And while the debate about the use of facial recognition is ongoing, with some governments and companies opting against it and others embracing it, citizens themselves, as illustrated in the case with Serbia, could also have the final say on how this and similar technologies will be used in the future.  More

The US Senate approved new cybersecurity legislation that will force critical infrastructure organizations to report cyberattacks to the Cybersecurity and Infrastructure Security Agency (CISA) within 72 hours and ransomware payments within 24 hours. 

Ukraine Crisis

The Strengthening American Cybersecurity Act passed by unanimous consent on Tuesday after being introduced on February 8 by Senators Rob Portman and Gary Peters, ranking member and chairman of the Senate Homeland Security and Governmental Affairs Committee. The act combines pieces of the Cyber Incident Reporting Act, the Federal Information Security Modernization Act of 2021, and the Federal Secure Cloud Improvement and Jobs Act — all of which were authored by Peters and Portman and advanced out of committee before floundering. The 200-page act includes several measures designed to modernize the federal government’s cybersecurity posture, and both Peters and Portman said the legislation was “urgently needed” in light of US support for Ukraine, which was invaded by Russia last week. 

I’m concerned that, as our nation rightly continues to support #Ukraine during Russia’s illegal, unjustifiable assault, the US will face increased cyber & ransomware attacks from Russia. The federal govt must quickly coordinate its response to any potential attacks.— Rob Portman (@senrobportman) March 2, 2022

“As our nation continues to support Ukraine, we must ready ourselves for retaliatory cyber-attacks from the Russian government… This landmark legislation, which has now passed the Senate, is a significant step forward to ensuring the United States can fight back against cybercriminals and foreign adversaries who launch these persistent attacks,” Peters said. “Our landmark, bipartisan bill will ensure CISA is the lead government agency responsible for helping critical infrastructure operators and civilian federal agencies respond to and recover from major network breaches and mitigate operational impacts from hacks. I will continue urging my colleagues in the House to pass this urgently needed legislation to improve public and private cybersecurity as new vulnerabilities are discovered, and ensure that the federal government can safety and securely utilize cloud-based technology to save taxpayer dollars.”The act also authorizes the Federal Risk and Authorization Management Program (FedRAMP) for five years to ensure federal agencies can “quickly and securely adopt cloud-based technologies that improve government operations and efficiency.” The act attempts to streamline federal government cybersecurity laws to improve coordination between federal agencies and requires all civilian agencies to report all cyberattacks to CISA.

The legislation updates the threshold for agencies to report cyber incidents to Congress and gives CISA more authority to ensure it is the lead federal agency in charge of responding to cybersecurity incidents on federal civilian networks. It now heads to the House for a vote before it makes its way to President Joe Biden’s desk. Peters and Portman said they have been working with chair of the House Oversight Committee Carolyn Maloney as well as Republican and Democratic lawmakers in the House to get the bill approved. Maloney told ZDNet that the act contains the Federal Information Security Modernization Act, a provision she called one of her “top legislative priorities.””The Committee on Oversight and Reform kicked off 2022 with a bipartisan hearing and markup to examine how best to approach FISMA modernization, and we look forward to incorporating those crucial lessons learned as this effort moves through the legislative process,” Maloney said. “FISMA reform will determine our federal cybersecurity posture for years to come, and it is essential that the final bill seizes every opportunity to defend our federal networks from the onslaught of attacks they face daily.”In his own statement, Portman also touted the ways the act will update FISMA and provide “the accountability necessary to resolve longstanding weaknesses in federal cybersecurity by clarifying roles and responsibilities and requiring the government to quickly inform the American people if their information is compromised.”

ZDNet Recommends

The best network-attached storage devices

If cloud-based servers don’t meet all of your storage needs, consider a NAS solution. We selected a handful of devices that passed our reliability torture tests and offer superior usability and feature sets.

Read More

Both Senators noted that the bill would have applied to the 2021 ransomware attacks on Colonial Pipeline and global meat processor JBS. But the two said the legislation would “help ensure critical infrastructure entities such as banks, electric grids, water networks, and transportation systems are able to quickly recover and provide essential services to the American people in the event of network breaches.” CyberSaint co-founder Padriac O’Reilly works directly with critical infrastructure across financial services, utilities, and the government to measure cyber risk.O’Reilly explained that the current cybersecurity landscape has worn down the long-standing recalcitrance of certain critical infrastructure sectors with respect to the 72-hour reporting window for incidents. “There are two sections very deep in the legislation that stand out to me. They talk about a budget-based risk analysis for improving cybersecurity and metrics-based approach to cyber in general. This is precisely what is needed and it has been known for some time in the industry,” O’Reilly said. “Section 115 covers automation reporting. This is very timely as automation has been advancing in the private sector and it is key with respect to risk management going forward. I was really impressed to see this in the bill. The government has been trying for years to advance this cause across all agencies and departments. Section 119 really gets at the holy grail in risk management, which is the ability to view cybersecurity risks in a prioritized way with respect to budget.” More

Jason Hiner/ZDNETSince 2014, Google’s Chromecast has been an affordable means for helping viewers turn their older model TVs into smart TVs, allowing them to stream content from their phones, tablets, and computers to a bigger screen. Also: ‘Untrusted device’ errors on Chromecast? Google is rolling out a fixAlas, the era of the Chromecast has come to an end. Google is replacing it with the Google TV Streamer, promising a faster processor, Thread and Matter integration, and the ability to summarize TV episodes or whole seasons, among other new tricks.But that doesn’t mean the Chromecast is obsolete yet; in fact, Google has promised to continue providing software and security updates for now. I found a number of cool things anyone can do with their trusty Chromecast that most users are unaware of. More

ZDNETI’ve been using Bitwarden for a long time. I like it for its ease of use, security, feature set, and that it’s open-source.One thing about Bitwarden is that it makes it easy to move between different accounts. With the click of a menu item, you can switch between your personal account and your work account — without having to leave the Bitwarden window. That’s right, multiple accounts. But why? Also: 7 ways to get more out of your Bitwarden password managerSome businesses have policies that require users not to include personal items within a password manager. Or maybe you don’t want to have to use separate password managers for your personal and work accounts. That’s inefficient. Another reason I like to separate the two is simply for peace of mind. When I’m not in my office, I’m not working; and when I’m not working, I don’t always want to be reminded of work. By separating those accounts, I don’t have the reminders of clients and deadlines when I’m “off the clock.” But how do you do this? It’s remarkably easy. Let me show you. How to add a second account to Bitwarden What you’ll need: To make this work, you’ll need at least two valid Bitwarden accounts. You can do this on the desktop, mobile, and web versions of Bitwarden, and I’m going to demonstrate it on my Pop!_OS desktop.Let’s go. More

Hmm, what is my employee doing now? Getty Images/iStockphoto × computerusermonitorsistock-1074642242.jpg Your bosses have become a little more caring. They understand that working from home isn’t ideal. They know you may have kids or a small apartment. Or both. So, with the advent of the coronavirus, they’re showing their human side a little more. I […] More